Site Navigation

Site Mobile Navigation

F.B.I. Admits Hacker Group’s Eavesdropping

WASHINGTON — The international hackers group known as Anonymous turned the tables on the F.B.I. by listening in on a conference call last month between the bureau, Scotland Yard and other foreign police agencies about their joint investigation of the group and its allies.

Anonymous posted a 16-minute recording of the call on the Web on Friday and crowed about the episode in via Twitter: “The FBI might be curious how we’re able to continuously read their internal comms for some time now.”

Hours later, the group took responsibility for hacking the Web site of a law firm that had represented Staff Sgt. Frank Wuterich, who was accused of leading a group of Marines responsible for killing 24 unarmed civilians in Haditha, Iraq, in 2005. The group said it would soon make public “mails, faxes, transcriptions” and other material related to the case, taken from the site of Puckett & Faraj, a Washington-area law firm. A voluminous 2.55 gigabyte file labeled as those files was later posted on a site often used by hackers, Pirate Bay.

Regarding the conference call, an F.B.I. official said Anonymous had not in fact hacked into it or any other bureau facilities. Instead, the official said, the group had simply obtained an e-mail giving the time, telephone number and access code for the call. The e-mail had been sent on Jan. 13 to more than three dozen people at the bureau, Scotland Yard, and agencies in France, Germany, Ireland, the Netherlands and Sweden. One recipient, a foreign police official, evidently forwarded the notification to a private account, he said, and it was then intercepted by Anonymous.

“It’s not really that sophisticated,” said the official, who would discuss the episode only on condition of anonymity. He said no Federal Bureau of Investigation system was compromised but noted that communications security was more challenging when agencies in multiple countries were involved.

“We’re always looking at ways to make our communications more secure, and obviously we’ll be taking a look at what happened here,” he said.

The bureau issued a brief statement confirming the intrusion, which was first reported by The Associated Press: “The information was intended for law enforcement officers only and was illegally obtained. A criminal investigation is under way to identify and hold accountable those responsible.”

The breach, clearly an embarrassment for investigators, is the latest chapter in a continuing war of words and contest of technology between hacking groups and their perceived opponents in law enforcement and the corporate world.

The F.B.I. e-mail titled “Anon-Lulz International Coordination Call” — a reference to Anonymous and to an allied group of hackers, Lulz Security — announced a conference call for investigators “to discuss the on-going investigations related to Anonymous, Lulzsec, Antisec, and other associated splinter groups.”

The recording posted on YouTube and elsewhere included American and British voices discussing suspects in the case. The call begins with banter between an American named Bruce and British officials named Stewart or Stuart and Matt, who are joined by another official from F.B.I. headquarters, Timothy F. Lauster Jr., who sent the e-mail announcing the conference call.

The conference call illustrates both the scale of the international police effort to identify and prosecute the hackers, and the striking contrast in age and status of the investigators and their targets: what seem to be middle-aged law enforcement officials on two continents are overheard dissecting the illicit activities of teenagers.

An error has occurred. Please try again later.

You are already subscribed to this email.

A British official refers to Ryan Cleary and Jake Davis, two British teenagers who have been arrested and are wanted in the United States on suspicion of having ties to Anonymous. The British official describes a 325-page report analyzing Ryan Cleary’s hard drive, and an F.B.I. agent in Los Angeles discusses various suspects and their nicknames.

The investigators also refer to several suspects who had not yet been arrested, including one who calls himself Tehwongz, described by the British official as “a 15-year-old kid who’s basically just doing this all for attention and is a bit of an idiot.”

The conversation was part of an international criminal investigation that began in 2010 after Anonymous championed WikiLeaks by mounting electronic attacks on MasterCard and PayPal and other sites that had stopped collecting donations for the antisecrecy organization.

The hackers could have penetrated the law-enforcement official’s personal e-mail account by guessing a weak password, sneaking into an unencrypted wireless network, or, most likely, with a common and relatively easy tactic known as a phishing attack, said Keith Ross, a computer science professor at Polytechnic Institute of New York University and a security expert. A phishing attack involves sending an e-mail that looks like it is from a friend or relative and persuading the recipient to click on a link that allows every keystroke entered on that particular computer to be recorded. Recording keystrokes is an efficient way to steal someone’s e-mail username and password.

“The real issue for law-enforcement officials is they need to be better educated about how they handle sensitive data on their e-mails,” Mr. Ross said. “It’s an easy vulnerability to crack. If you’re not careful it’s a very dangerous attack.”

The same methods may have been used to hack the Web site of the lawyers who represented Sergeant Wuterich, Neal Puckett and Haytham Faraj. Their Web site was defaced by the hackers to display a message from Anonymous saying it was exposing “the corruption of the court systems and the brutality of U.S. imperialism,” Gawker.com reported. Later, the site was taken down.

In an interview late Friday, Mr. Faraj said he thought that little of the material stolen from their site related to the Haditha case, though some documents might relate to a polygraph that he said Sergeant Wuterich had passed. He said he feared the documents might include a confidential statement from a rape victim in an unrelated case. “I think in their haste to put stuff out there, they’re going to hurt some people,” he said.

Mr. Faraj said he had represented Guantanamo detainees and had supported and offered to represent Pfc. Bradley Manning, the soldier accused of providing documents to WikiLeaks, suggesting that the hackers of Anonymous may be inadvertently attacking someone who shares some of their presumed political views. “They got the wrong guy,” he said.

He said the F.B.I. had contacted the law firm and opened an investigation.

Sergeant Wuterich, 31, pleaded guilty last month in a military court in California to dereliction of duty, telling the judge that he regretted ordering his men to “shoot first, ask questions later.” As part of a plea agreement, however, he received no prison time, though his rank was reduced to private. The sentence sparked anger in Iraq and among some human rights advocates, and the Anonymous message complained that Sergeant Wuterich had gotten “only a pay cut” as a penalty.

Somini Sengupta and Nicole Perlroth contributed reporting from San Francisco.

A version of this article appears in print on February 4, 2012, on Page A4 of the New York edition with the headline: Hackers Eavesdrop On the F.B.I. Order Reprints|Today's Paper|Subscribe